Home
EN
Location
Documentation Home
Palo Alto Networks
Support
Live Community
Knowledge Base
MENU
Home
Prisma
Prisma Cloud
Prisma Cloud Compute Edition Administrator’s Guide
Runtime defense
Event Aggregation
Document:
Prisma Cloud Compute Edition Administrator’s Guide
Event Aggregation
Download PDF
Last Updated:
Mon Nov 21 16:12:28 UTC 2022
Current Version:
Self.Hosted 22.06
Version Prisma Cloud Enterprise Edition
Version Self-Hosted 30.xx
Version Self-Hosted 22.12
Version Self-Hosted 22.06
Version Self-Hosted 22.01
Version Self-Hosted 21.08 (EoL)
Version Self-Hosted 21.04 (EoL)
Table of Contents
Filter
Welcome
Releases
Getting started
Product architecture
Support lifecycle
Security Assurance Policy on Prisma Cloud Compute
Licensing
Prisma Cloud Enterprise Edition vs Compute Edition
Utilities and plugins
Install
Getting started
System Requirements
Prisma Cloud container images
Onebox
Kubernetes
OpenShift v4
Console on Fargate
Amazon ECS
Alibaba Cloud Container Service for Kubernetes (ACK)
Azure Kubernetes Service (AKS)
Amazon Elastic Kubernetes Service (EKS)
Google Kubernetes Engine (GKE)
Google Kubernetes Engine (GKE) Autopilot
IBM Kubernetes Service (IKS)
Windows
Defender types
Cluster Context
Install Defender
Install a single Container Defender
Automatically Install Container Defender in a Cluster
App-Embedded Defender
App-Embedded Defender for Fargate
Default setting for App-Embedded Defender file system protection
VMware Tanzu Application Service (TAS) Defender
Serverless Defender
Serverless Defender as a Lambda layer
Auto-defend serverless functions
Install a single Host Defender
Auto-defend hosts
Deploy Prisma Cloud Defender from the GCP Marketplace
Decommission Defenders
Redeploy Defenders
Uninstall Defenders
Upgrade
Support lifecycle for connected components
Prisma Cloud’s backward compatibility and upgrade process
Upgrade Onebox
Kubernetes
OpenShift
Helm charts
Amazon ECS
Upgrade the Single Container Defenders
Upgrade Defender DaemonSets
Upgrade Defender DaemonSets (Helm)
Technology overviews
Intelligence Stream
Prisma Cloud Advanced Threat Protection
App-specific network intelligence
Container Runtimes
Radar
Serverless Radar
Prisma Cloud Rules Guide - Docker
Defender architecture
Host Defender architecture
TLS v1.2 cipher suites
Telemetry
Configure
Rule ordering and pattern matching
Backup and restore
Custom feeds
Configuring Prisma Cloud proxy settings
Prisma Cloud Compute certificates
Configure Agentless Scanning
Agentless Scanning Modes
Configure scanning
User certificate validity period
Enable HTTP access to Console
Set different paths for Defender and Console (with DaemonSets)
Authenticate to Console with certificates
Configure custom certs from a predefined directory
Customize terminal output
Collections
Tags
Logon settings
Reconfigure Prisma Cloud
Subject Alternative Names
WildFire Settings
Log Scrubbing
Clustered-DB
Permissions by feature
Authentication
Logging into Prisma Cloud
Integrating with an IdP
Integrate with Active Directory
Integrate with OpenLDAP
Integrate Prisma Cloud with Open ID Connect
Integrate with Okta via SAML 2.0 federation
Integrate Google G Suite via SAML 2.0 federation
Integrate with Azure Active Directory via SAML 2.0 federation
Integrate with PingFederate via SAML 2.0 federation
Integrate with Windows Server 2016 & 2012r2 Active Directory Federation Services (ADFS) via SAML 2.0 federation
Integrate Prisma Cloud with GitHub
Integrate Prisma Cloud with OpenShift
Non-default UPN suffixes
Compute user roles
Assign roles
Credentials store
Cloud accounts
Vulnerability management
Prisma Cloud vulnerability feed
Vulnerability Explorer
Vulnerability management rules
Search CVEs
Scan reports
Scanning procedure
Customize image scanning
Configure Registry Scans
Registry scanning
Scan Images in Sonatype Nexus Registry
Scan images in Alibaba Cloud Container Registry
Scan images in Amazon EC2 Container Registry (ECR)
Scan images in Azure Container Registry (ACR)
Scan images in Docker Registry v2 (including Docker Hub)
Scan images in Google Artifact Registry
Scan images in Google Container Registry (GCR)
Scan images in Harbor Registry
Scan images in IBM Cloud Container Registry
Scan images in Artifactory Docker Registry
Scan images in OpenShift integrated Docker registry
Trigger registry scans with Webhooks
Base images
Configure VM image scanning
Configure code repository scanning
Agentless scanning
Malware scanning
Vulnerability risk tree
Vulnerabilities Detection
CVSS scoring
Windows container image scanning
Serverless function scanning
VMware Tanzu blobstore scanning
Scan App-Embedded workloads
Troubleshoot vulnerability detection
Compliance
Compliance Explorer
Enforce compliance checks
CIS Benchmarks
Prisma Cloud Labs compliance checks
Serverless functions compliance checks
Windows compliance checks
DISA STIG compliance checks
Custom compliance checks
Trusted images
Host scanning
VM image scanning
App-Embedded scanning
Detect secrets
Cloud discovery
OSS license management
Runtime defense
Runtime defense for containers
Runtime defense for hosts
Runtime defense for serverless functions
Runtime defense for App-Embedded
Custom runtime rules
Import and export individual rules
ATT&CK Explorer
Runtime Audits
Event Aggregation
Image analysis sandbox
Incident Explorer
Incident types
Altered binary
Backdoor admin accounts
Backdoor SSH access
Brute force
Cryptominers
Execution flow hijack attempt
Kubernetes attacks
Lateral movement
Malware
Port scanning
Reverse shell
Suspicious binary
Other incident types
Access control
Role-based access control for Docker Engine
Admission control with Open Policy Agent
Continuous integration
Jenkins plugin
Jenkins Freestyle project
Jenkins Maven project
Jenkins Pipeline project
Run Jenkins in a container
Jenkins pipeline on Kubernetes
CI plugin policy
Code repo scanning
WAAS
Web-Application and API Security (WAAS)
Deploy WAAS
Deploy WAAS for Containers
Deploy WAAS for Hosts
Deploy WAAS for Containers Protected By App-Embedded Defender
Deploy WAAS for serverless functions
Deploy WAAS Out-of-band
Deploy WAAS Out-of-band with VPC Traffic Mirroring
WAAS Troubleshooting
WAAS Sanity Tests
WAAS Explorer
App Firewall Settings
API Protection
DoS protection
Bot Protection
WAAS Access Controls
Advanced Settings
WAAS Analytics
API observations
API definition scan
WAAS custom rules
Detecting unprotected web apps
WAAS Log Scrubbing
Firewalls
Cloud Native Network Firewall (CNNF)
Secrets
Secrets manager
Integrate with secrets stores
Secrets Stores
AWS Secrets Manager
AWS Systems Manager Parameters Store
Azure Key Vault
CyberArk Enterprise Password Vault
HashiCorp Vault
Inject secrets into containers
Injecting secrets: end-to-end example
Alerts
Alert mechanism
AWS Security Hub
Cortex XDR alerts
Cortex XSOAR alerts
Email alerts
Google Cloud Pub/Sub
Google Cloud Security Command Center
IBM Cloud Security Advisor
JIRA Alerts
PagerDuty alerts
ServiceNow alerts
ServiceNow alerts
Slack Alerts
Splunk alerts
Webhook alerts
Audit
Event viewer
Host activity
Administrative activity audit trail
Annotate audit event records
Delete audit logs
Syslog and stdout integration
Log rotation
Throttling audits
Prometheus
Kubernetes auditing
Tools
twistcli
Scan images with twistcli
Scan code repos with twistcli
Install Console with twistcli
Update the Intelligence Stream in offline environments
Deployment patterns
Projects
Migration options for scale projects
Best practices for DNS and certificate management
Storage limits for audits and reports
Migrating to a SaaS Console
Performance planning
Automated deployment
High Availability and Disaster Recovery guidelines
API
Howto
Configure an AWS Classic Load Balancer for ECS
Configure Prisma Cloud Console’s listening ports
